
Correct Form? Web Access Restriction 1


FurryGorilla

Technical User
Apr 11, 2001
76
GB
Hi, sorry if this is the wrong forum to post into but if it is can you point me in the right direction :)

We are having a few problems at work with staff accessing web sites that they shouldn't be. They only need access to one specific IP address/computer name to enable them to log their figures for the day.

We have access to all the PCs that have been (ab)used so can install software, edit the registry, change settings, etc.

If anyone could come up with a solution for this I'd be incredibly grateful (I'd get in the plant manager's good books too ;-))

Thanks
Chris
 
Oops, sorry meant Correct Forum :)

Also, we'd like to try avoiding the use of local firewalls if at all possible.
 
I am not certain that there is a correct forum for your question (and I am not an expert on proxy servers) but it sounds like you may need to set up a proxy server so that you can block http requests to the internet or at least restrict sites that can be called. Have you looked into this as a possible solution?

Just a suggestion.
 
Thanks Joegz

Yep, we're investigating this at the moment. Hopefully we can come up with a reasonable solution.

It would have been handy if there was some sort of registry key that could have been added but we'll keep trying.

Thanks once again
Chris

 
Chris,

Here's how we did it at our library:

How to Lock-In Web Addresses on Internet Explorer 5


The following method allows you to lock in Internet Explorer 5 to a defined group of web addresses. This method is designed for library workstations that are intended for use with web-based OPACs or Online Database but not for general Internet surfing. By changing the proxy settings in Internet Explorer, your patrons will only be able to access those sites that you allow.

STEP 1
From the menu bar, select Tools and Internet Options. Click on the tab labeled Connections.

STEP 2
At the bottom of the Connections panel is a box labeled LAN Settings. Click on this box.

STEP 3
In the box labeled Local Area Network (LAN) Settings, go to the section labeled Proxy Server and check the box labeled Use a Proxy Server. This will "ungrey" the rest of the settings.

STEP 4
Click on the button labeled Advanced to open the panel labeled Proxy Settings.

STEP 5
In the section labeled Servers, under Proxy Address to use, enter a word or phrase like Online Catalogs into the box next to HTTP: This provides a "dummy" address that will prevent the browser from going out to the Internet.

STEP 6
At the bottom of the section labeled Servers, check the box labeled Use the same proxy server for all protocols. This will automatically complete the other boxes with what you entered in Step 5. This setting will prevent users from accessing FTP and Gopher sites through the web browser.

STEP 7
In the section labeled Exceptions, enter the domains of the addresses that you DO want patrons to access. For example, I would enter " to allow access to our web catalog. Follow the instructions and make sure to use semi-colons between entries if you need to enter more than one domain.

STEP 8
Click on the OK boxes until you return to Internet Explorer. Now test your settings by browsing to your site that you entered in the exceptions. Now, try surfing to a site that is not allowed - the browser should not be able to "find" the site. If you have any questions, first check the FAQ listed below.

Frequently Asked Questions:

Q: How do I allow access to a single domain [i.e. all ".gov" sites]?
A: Enter in the domain name [gov, edu, etc.] into the exceptions box with a wildcard [*] and a dot [.] before the domain name. For example, *.gov. This will allow access to all sites ending in ".gov" but no other domains. You can be as general or specific as you want.

Q: I've entered in the domain name for my database but it won't connect properly. Why not?
A: Many of the online databases use multiple servers with multiple domain names to present the information. Try using a more general domain entry in the exceptions box. For example, instead of using "infotrac.galegroup.com/itweb/lom_waterfordtpl", use the more general "galegroup.com" - this will allow the browser to access all sub-domains at "galegroup.com".

==========================================================
There are many ways for installing software.

Go to start>Run, and type:
notepad c:\windows\control.ini. Add this to the [Don't Load] section:
APPWIZ.CPL=no
This will hide the Add/Remove Programs icon in Control Panel.
=================================================
You'll need to hide drives such as the A: and D: (CD-ROM).
Back up the registry and/or export the following keys:
Go to Start>Run, type regedit. Navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Right-click on the Explorer key, choose new>DWORD value, name it NoDrives.
To restrict the A: (floppy), you need to assign a decimal value of 1. To
disable the CD-ROM (if it's drive D:) you would assign the decimal value 8.
To restrict both, you set a decimal value of 9.
=================================================
You need to prevent them from accessing the Run box:
Add a new>DWORD value named NoRun to the above key.
==================================================
You need to prevent them from using Internet Explorer's address bar as a run
box:
Add a new>DWORD value named NoFileUrl to the above key.
==================================================
Another way is to define only certain programs that can be run. This can be a dangerous move.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Add a new>DWORD value, named RestrictRun and give it a value of 1

Now create a new Key named RestrictRun under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
and define applications that you want access to run.

Ex. So you don't hose your system off the bat, right-click on the RestrictRun key, choose new>StringValue, name it the number 1. Right-click on that, choose modify and type in regedit.exe. This is your way out if things go wrong. You should define apps such as your virus scanner and other programs you want access to. If the program isn't defined under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths,
you'll have to type in the full path to the program.
Ex.
2. E:\Program Files\Micrografx\ABC Graphics Suite\Picture Publisher 8\pp80.exe

reghakr
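
The registry steps in the post above, as an added example that is not part of the original thread: a Python script that builds a REGEDIT4 import file for the Explorer policy values the post names, so the same settings can be applied to each PC without hand-editing. It generalizes the NoDrives values in the post (1 for A:, 8 for D:) to the full one-bit-per-letter mask; the function names are hypothetical, and the value 1 for NoRun and NoFileUrl is an assumption because the post does not state one.

```python
# Added example: builds a REGEDIT4 file for the policy values named in the post.
POLICY_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
              r"\CurrentVersion\Policies\Explorer")


def nodrives_mask(letters):
    """NoDrives is a bitmask: A: is bit 0 (1), B: bit 1 (2), ... D: bit 3 (8)."""
    mask = 0
    for letter in letters:
        letter = letter.strip(":\\ ").upper()
        if len(letter) != 1 or not "A" <= letter <= "Z":
            raise ValueError(f"not a drive letter: {letter!r}")
        mask |= 1 << (ord(letter) - ord("A"))
    return mask


def build_reg(hidden_drives, allowed_apps, no_run=True, no_file_url=True):
    """Return .reg text; allowed_apps=None leaves RestrictRun untouched."""
    dwords = {"NoDrives": nodrives_mask(hidden_drives)}
    # Assumption: 1 switches these on; the post names them without a value.
    if no_run:
        dwords["NoRun"] = 1
    if no_file_url:
        dwords["NoFileUrl"] = 1
    apps = None
    if allowed_apps is not None:
        dwords["RestrictRun"] = 1
        # Keep the post's escape hatch: regedit.exe is always entry 1.
        apps = ["regedit.exe"] + [a for a in allowed_apps
                                  if a.lower() != "regedit.exe"]
    lines = ["REGEDIT4", "", f"[{POLICY_KEY}]"]
    lines += [f'"{name}"=dword:{value:08x}' for name, value in dwords.items()]
    if apps is not None:
        lines += ["", f"[{POLICY_KEY}\\RestrictRun]"]
        for number, app in enumerate(apps, start=1):
            # String data in a .reg file needs backslashes and quotes escaped.
            escaped = app.replace("\\", "\\\\").replace('"', '\\"')
            lines.append(f'"{number}"="{escaped}"')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample: hide A: and D:, allow the program path from the post.
    print(build_reg(["A", "D"], [
        r"E:\Program Files\Micrografx\ABC Graphics Suite"
        r"\Picture Publisher 8\pp80.exe"]))
```

Because these values live under HKEY_CURRENT_USER, the file has to be imported for each user profile that should be restricted.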
 
Many thanks reghakr. I've been away over the last few days so haven't been able to respond but the information you've given me is extremely helpful. Thank You :)
 